Microsoft Security Development Lifecycle (SDL) - Version 5.0

Microsoft has release it's fifth version of Secure Development Lifecycle document. It provide guidance and illustrates the way Microsoft applies the SDL to its products and technologies. In addition, it includes security and privacy requirements and recommendations for secure software development at Microsoft. It addresses SDL guidance for Waterfall and Spiral development, Agile development, web applications and Line of Business applications.

It can be downloaded from http://go.microsoft.com/?linkid=9724944.

Screen for more productivity

Today, majority of people are using Windows but what I’m going to talk about is Screen.

Screen is a GNU utility that allows you to use multiple windows (virtual VT100 terminals) in Unix/Linux. Although, if you have a console access, you could spawn multiple terminals, there are two features I would like to highlight.

First, is the fact that screen stays active, even when SSH session is terminated. All processes initiated will keep running and could be re-attached once SSH connection is re-established. Furthermore, since screen session initiates a separate process rather than login session, it is more resource efficient.

In addition, using Screen, it is possible to share processes between multiple users and/or protect using password. For example, you create a screen session and run a command. Another person would be able to list existing screen sessions (screen –ls) and attach a session to their terminal (screen –r). Of course, that is not very secure, therefore it is possible to protect the screen session using user password.

jmarkh@ubuntu-01:~$ screen -S nmap
[detached]
jmarkh@ubuntu-01:~$ screen -S nessus
[detached]
jmarkh@ubuntu-01:~$ screen -ls
There are screens on:
15833.nessus (10-04-08 10:52:20 AM) (Detached)
15813.nmap (10-04-08 10:52:10 AM) (Detached)
15620.pts-0.ubuntu-01 (10-04-08 10:29:38 AM) (Detached)
3 Sockets in /var/run/screen/S-jmarkh.

Here are some commands/shortcuts that could be used with Screen (note that every screen command begins with Ctrl-a):

Ctrl-a c	Create new window (shell)
Ctrl-a k	Kill the current window
C-a C-x	Lock this terminal.
Ctrl-a w	List all windows (the current window is marked with "*")
Ctrl-a 0-9	Go to a window numbered 0-9
Ctrl-a n	Go to the next window
Ctrl-a Ctrl-a	Toggle between the current and previous window
Ctrl-a [	Start copy mode
Ctrl-a ]	Paste copied text
Ctrl-a ?	Help (display a list of commands)
Ctrl-a Ctrl-\	Quit screen
Ctrl-a D (Shift-d)	Power detach and logout
Ctrl-a d	Detach but keep shell window open

The man pages for screen are quite readable and make a good tutorial.

man screen